PDA

View Full Version : What is ghp`amfUbrhLds ?



zerotax
2006-08-05, 07:48
I found this registry key in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.

I have been trying to track down a recurring problem where Run disappears from Start Menu, Task Mgr gets disabled, Shut down icon disappears from Start menu, and computer won't turn off. Not all problems occur at same time. It will look like everything is fine, and later 1 or more problems will be back. I have removed all viruses with Avast 4. S+D did not find any malware that appeared threatening to me.

I thought this weird key night be a clue.

tashi
2006-08-05, 09:31
Hello, please see our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Copy paste the HJT log here into this thread and a helper will advise you as soon as available to do so. :)

zerotax
2006-08-06, 20:11
I've also noticed that sometimes Search disappears from my Start Menu.

Ran online virus programs - they found some stuff. What they couldn't remove, I did.

Logfile of HijackThis v1.99.1
Scan saved at 9:55:26 AM, on 08/06/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\WindowsDefender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Avast4\aswUpdSv.exe
E:\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
E:\UnitedDevices2\SRVANY.exe
E:\MSUserProfileHiveCleanup\uphclean.exe
E:\UnitedDevices2\ud.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
E:\UnitedDevices2\ud_7174683.exe
E:\UnitedDevices2\ud_7174683_0.dir\ud_ligfit_Release.exe
E:\Avast4\ashMaiSv.exe
E:\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
E:\Zone Labs\ZoneAlarm\zlclient.exe
E:\regprot\regprot.exe
E:\RegMon\Regmon.exe
E:\PowerDesk\PDExplo.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis\HijackThis.exe
C:\WINDOWS\Notepad+.exe
C:\Program Files\Outlook Express\msimn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot-S&D\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RegProt] e:\regprot\regprot.exe /start
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\MSOXP\Office10\OSA.EXE
O4 - Global Startup: Shortcut to Regmon.exe.lnk = E:\RegMon\Regmon.exe
O4 - Global Startup: Shortcut to TCLOCKEX.EXE.lnk = E:\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: Zone Labs Security.lnk = E:\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MSO2003\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MSO2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - E:\PDFill4\\DownloadPDF.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123298493498
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.streamload.com/Upload/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: UnitedDevices - Unknown owner - E:\UnitedDevices2\SRVANY.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

zerotax
2006-08-09, 13:10
Thanks. Ran additional on-line virus scanner and Ewido. Problem appears to be fixed.

Never did find out what that key is for, tho.

LonnyRJones
2006-08-14, 04:29
Good you solved the problem

Are there any existing symtoms/problems or questions ?

tashi
2006-08-19, 19:29
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.